[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: More thoughts on From: lines
Len wrote:
> How much do we want to worry about sanitizing user-provided
> attachments in various formats? We can't simply say "no
> attachments", as this will have severe negative impact on the
> system's adoption and use.
I believe that waiting for code to sanitize user-provided attachments
would delay mixminion indefinitely. As I mentioned in an earlier email,
I don't even believe it feasible to hide the MUA (or OS) once MIME
generated outside of the mixminion system is permitted. (Windows is
going to kill you here...)
The moment the system permits user-provided non-textual attachments,
users' anonymity will be compromised en-masse. I have no opinion if that
fact warrant the conclusion to not include support for such attachments
in the system given the otherwise negative impact on adoption.
I suppose the question is: is it better to have a large number of users
and have some of these user's anonymity be compromised without their
knowing? Or it is better to have a limited number of users who are
unlikely to see their anonymity compromised without their knowing? I
guess time will tell.
--Lucky